
10518 matches found

CNNVD
added 2024/05/30 12:0 a.m. · 3 views

WordPress plugin Yumpu ePaper publishing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5 CVSS · 6.5 AI score · 0.00316 EPSS
Exploits 0 · References 3
NVD
added 2024/05/29 4:15 a.m. · 18 views

CVE-2024-0434

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbmnewplacesave' function in all versions up to, and including, 1.7.1. This makes it possible for...

5.3 CVSS · 5.5 AI score · 0.00389 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/29 12:0 a.m. · 3 views

PT-2024-15558 · WordPress · Wptravelly

Name of the Vulnerable Software and Affected Versions: WpTravelly plugin for WordPress versions prior to 1.7.2
Description: The issue allows unauthorized modification of data due to a missing capability check on the ttbm new place save function. This enables unauthenticated attackers to create an...

5.3 CVSS · 7 AI score · 0.00389 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/05/29 12:0 a.m. · 5 views

The vulnerability of the OXMF template parser component in the OX App Suite software allows a perpetrator to execute arbitrary commands and gain access to read, modify, or delete data.

The vulnerability of the OXMF template parser component in the OX App Suite program lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain acces...

10 CVSS · 8 AI score · 0.0133 EPSS
Exploits 0 · References 5 · Affected Software 2
Redos
added 2024/05/29 12:0 a.m. · 8 views

ROS-20240529-05

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...

7.5 CVSS · 7.6 AI score · 0.46677 EPSS
Exploits 6
CNNVD
added 2024/05/29 12:0 a.m. · 3 views

WordPress Plugin WpTravelly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.3 CVSS · 6.6 AI score · 0.00389 EPSS
Exploits 0 · References 4
OSV
added 2024/05/28 5:4 p.m. · 3 views

CLSA-2024-1716915845 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to shenandoah-jdk8u412-b08. That fixes the following CVEs:
- CVE-2024-21011: Denial of service due to long Exception message logging
- CVE-2024-21085: Pack200 excessive memory allocation
- CVE-2024-21068: Integer overflow in C1 compiler address generation
- CVE-2024-21094: Unauthorized...

3.7 CVSS · 6.2 AI score · 0.01361 EPSS
Exploits 0 · References 1
Japan Vulnerability Notes
added 2024/05/28 12:0 a.m. · 19 views

JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contain multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276), CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 7.8, CVE-2024-23847. Missing Authorization for coejobhoo...

9.8 CVSS · 7.6 AI score · 0.00546 EPSS
Exploits 0
Vulnrichment
added 2024/05/27 6:18 p.m. · 13 views

CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9 CVSS · 7.5 AI score · 0.01596 EPSS
Exploits 1 · References 6
Vulnrichment
added 2024/05/24 6:42 a.m. · 25 views

CVE-2024-0893 Schema App Structured Data <= 2.2.0 - Missing Authorization

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

4.3 CVSS · 5.9 AI score · 0.00343 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of LOV components of the Oracle Complex Maintenance, Repair, and Overhaul system allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

6.4 CVSS · 7.2 AI score · 0.00395 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 5 views

The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform allows a perpetrator to gain access to modify, add, or delete data, or to trigger a service failure.

The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data, or cause service interruptions...

7 CVSS · 7.2 AI score · 0.0052 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 6 views

Vulnerabilities of LOV components of the Oracle Complex Maintenance, Repair, and Overhaul system allow attackers to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

6.4 CVSS · 7.2 AI score · 0.00346 EPSS
Exploits 0 · References 2 · Affected Software 2
BDU FSTEC
added 2024/05/24 12:0 a.m. · 6 views

The vulnerability of LOV components of the Oracle Complex Maintenance, Repair, and Overhaul system allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

6.4 CVSS · 7.2 AI score · 0.00382 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/05/23 5:15 a.m. · 16 views

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits 0 · References 3
Cvelist
added 2024/05/23 4:30 a.m. · 20 views

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits 0 · References 3
CVE
added 2024/05/23 4:30 a.m. · 60 views

CVE-2023-6325

CVE-2023-6325 concerns the RomethemeForm For Elementor WordPress plugin. The vulnerability arises from a missing capability check in export_entries, rtformnewform, and rtformupdate, affecting all versions up to 1.1.5. Consequences include unauthenticated export of form submissions, creation of ne...

5.3 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 4:30 a.m. · 15 views

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-40520 · Unknown · Developmentadmin

Name of the Vulnerable Software and Affected Versions: DevelopmentAdmin affected versions not specified
Description: The issue concerns a missing permission check in the buildDefaults method on DevelopmentAdmin. Specifically, when accessing the /dev/build/defaults endpoint, the action is performe...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 7
OSV
added 2024/05/22 11:15 p.m. · 3 views

CVE-2023-46807

An SQL Injection vulnerability in the web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...

6.7 CVSS · 5.8 AI score · 0.01054 EPSS
Exploits 0 · References 1